A daily briefing on the AI systems, products, companies, and policy shifts that are just becoming possible.
Want a podcast for your own topics? Join early access: https://www.barelypossible.to/waitlist/?source_path=public_feed&feed_source=rss
Okay kiddos, I'm your boy Tony DeLuca, and you've found your way to Barely Possible, the show where we pick through the AI news pile so you don't have to. Big menu today, and I want to start with a story that sounds boring on the surface and turns out to be one of the most consequential things a founder can think about right now. It's not a flashy model launch. It's not a billion-dollar round. It's a grocery store and a software bill.
Here's the headline. Tesco, the big UK supermarket chain, is moving forty thousand server workloads off VMware. Forty thousand. And the reason they're doing it, according to court filings, is that they say Broadcom hiked their VMware prices by about a hundred and seventy-five percent. They're calling it, in legal language, abusive conduct. That's the report from Scharon Harding.
Now, why am I leading with a virtualization licensing fight? Because it's the cleanest preview I've seen all week of where the AI tooling world is headed. Stick with me, because everything else today rhymes with this.
Here's the pattern. A company offers you a piece of infrastructure. You build your whole operation on top of it. You sink years and tens of thousands of workloads into it. And then one day, the owner of that infrastructure looks at how dependent you are and says, the price just went up. A hundred and seventy-five percent. And what are you gonna do, move forty thousand workloads overnight? Of course not. Except, eventually, if the squeeze is bad enough, you do exactly that. You eat the migration pain because the alternative is worse.
That is the lock-in trap, and Broadcom and VMware are the cautionary tale that everybody in enterprise IT now points to. And here's why it matters to you if you're building anything in AI right now. The exact same dynamic is forming up around AI models and AI tooling, except it's moving about ten times faster than VMware ever did.
Let me connect that to the second piece, because it's the same story wearing different clothes. There's a venture capitalist named Tiffany Luck at NEA, and she did a segment on enterprises still trying to figure out their AI return on investment. And the framing around it is just chef's kiss for what we're talking about. The term they use is tokenmaxxing. That was the hot trend earlier this year, where CEOs told employees, push the AI as far as it'll go, use it for everything. And then, in the words of the piece, the bill came due. Uber reportedly blew through its annual AI budget in a few months. Some companies cut Claude licenses for parts of their org. Meta killed its internal leaderboard.
Now, longtime listeners will hear an echo here. We talked back at the start of the month about Uber putting a fifteen-hundred-dollar-a-month-per-employee cap on coding agents. That was the canary. What Tiffany Luck is describing is the canary becoming the rule. The honeymoon where everybody was told to gorge on tokens is over, and the CFOs have walked into the room with a calculator. And once the CFO is in the room, the question stops being how powerful is this model and becomes what am I locked into, and what does it cost me to leave.
Which brings me to a little exhibit that ties a bow on the whole thing. Simon Willison, who's about as careful a reader of this stuff as you'll find, was poking around the Claude documentation and pricing. And the thing he surfaced is this. Enterprise companies with more than a hundred and fifty employees have to pay full API token pricing for their usage, on top of an extra per-seat charge, which he thinks is around twenty bucks a month. And his read, which I find persuasive, is that those enterprise accounts paying full freight are where Anthropic makes the bulk of its revenue.
So think about what that means structurally. The consumer plans, the two hundred dollar a month all-you-can-eat plans, those have been getting throttled and rerouted to usage billing, as we covered when Anthropic paused token billing on the Agent SDK. The real money is enterprise, paying full API rates. And those enterprise customers are now exactly the people running the math, finding the bill is enormous, and asking, like Tesco asked about VMware, do I really need to be this dependent on one vendor.
And here's the part that should sit in your head if you're a builder. We've seen the early moves already. Companies routing cheaper tasks to cheaper models. Companies shifting to open Chinese models like DeepSeek and Kimi to cut costs. Companies post-training their own smaller models that hit ninety percent of the quality at a tenth of the price. Every one of those is a Tesco move. It's a customer building the off-ramp before the price hike, not after.
So the lesson, if you're building a product on top of a model provider, or if you're building tooling other people depend on, is the same lesson Broadcom is teaching the hard way. Lock-in is a real asset right up until it becomes a liability that gets you on the front page of a court filing. The smart builders are designing for portability now, while it's cheap, instead of when they're staring down a hundred and seventy-five percent increase. That's the whole game this week, and we're gonna keep seeing it.
Now, let me take that lock-in idea and push it up a level, because there's a version of it that's not about your software bill. It's about whether your entire country gets cut off.
This is from a piece by Rebecca Bellan, and the title basically tells you everything. World leaders want American AI. They just don't want America to be able to turn it off. At the G7 summit, French President Macron and Indian Prime Minister Modi both raised alarms that the United States could cut off access to American AI overnight. And the reason that fear suddenly feels real and not theoretical is the Anthropic situation we've been tracking for over a week now. The US Commerce Department, over a jailbreak concern, forced Anthropic to disable access for foreign nationals, which effectively pulled the plug on Mythos and Fable internationally.
Now I want to be careful here, because we covered the guts of the Anthropic shutdown across several episodes already, the export-control kill switch, the cybersecurity veterans protesting it as dangerous, the whole mess. I'm not gonna re-litigate all that. What's new and worth your time is the second-order effect. It turns out that when you demonstrate, live, in front of the whole world, that the US government can reach into a private American AI company and switch off access for everybody outside America, you teach every other government a lesson. And the lesson they learn is, do not build your economy on a tool that a foreign capital can disconnect on a Friday night.
This is the geopolitical version of the Tesco problem. France, India, every G7 country that was happily adopting American AI just got shown the kill switch. And the predictable response, the one analysts have been warning about, is that this is a gift to China. Because the Chinese pitch now writes itself. Our models, you can run them yourself, nobody in Washington can turn them off. For a sovereign government weighing dependence, that's not nothing. That's the whole pitch.
And you can see the chess move in Anthropic's own behavior. Same day-ish, Anthropic announced it's opening a Seoul office and a bunch of partnerships across the Korean AI ecosystem. Now, on its own, a new international office is a yawn. But in context, it reads like a company trying to plant flags and build local relationships precisely so it looks less like a remote American utility that can be switched off and more like an embedded local partner. Whether that actually solves the trust problem, I'm skeptical. The office is in Seoul, but the switch is still in Washington. Local real estate doesn't change who holds the breaker.
For founders, the takeaway is uncomfortable but clear. If you're selling AI-powered software internationally, your customers are now thinking about geopolitical lock-in whether you brought it up or not. The reliability question used to be, will the API have good uptime. Now it's, could my vendor's home government cut me off for reasons that have nothing to do with me. And if you don't have a good answer, somebody selling a model you can self-host does.
Let me shift from who controls the model to who's building the next kind of model, because there's a fundraise today that tells you where the smart money thinks this is going.
World model maker Odyssey nabbed a one-point-four-five billion dollar valuation, backed by Amazon and a bunch of other big names. That's reported by Julie Bort. And the framing in the piece is that world models are being pitched as the next big thing in AI beyond large language models, and this round cements Odyssey as one of the startups to watch.
Now let me translate, because world model is one of those phrases that gets thrown around. A large language model predicts the next word. A world model is trying to predict the next state of an environment. What happens if I push this object, what does the scene look like from another angle, how does this physical situation evolve. It's the kind of intelligence you'd want if you're trying to do robotics, or simulation, or anything that has to reason about a physical or spatial world rather than just text.
And here's the thing for builders to file away. We've spent two years where everything was a language model wrapper. Odyssey raising at a one-point-four-five billion valuation, with Amazon writing checks, is a signal that the frontier money believes the next platform layer is something other than text prediction. I'm not telling you to go bet the company on world models tomorrow. The category is early and the demos are easier than the products. But if you're thinking about where the next wave of defensible startups comes from, it's probably not the four-hundredth chatbot. It's the modalities that the language model boom skipped over.
And it connects neatly to something concrete on the robotics side. There's a report from Jeremy Hsu with maybe my favorite headline of the day. AI coding agents taught robots how to install GPUs and cut zip ties. This is Nvidia's self-improvement program for robots, and it enlists teams of AI coding agents to direct the robot training.
Let me make sure the picture lands, because it's a little wild. You've got robots learning to do physical manual tasks, installing GPUs into servers, cutting zip ties, the kind of fiddly hands-on work in a data center. And the thing directing their training isn't a room full of human engineers writing every reward function by hand. It's teams of AI coding agents autonomously running the training loop. So you've got AI agents teaching robots to build the hardware that runs the AI agents. It's recursive in a way that's either thrilling or makes the hair on your neck stand up, depending on your mood.
Now, I want to be the grumpy guy from the neighborhood for a second, because the word autonomously does a lot of heavy lifting in these announcements. Nvidia has every incentive to make this sound more hands-off and self-improving than it is, because robots that improve themselves is a much better story for selling GPUs than robots that need a thousand engineers babysitting them. So I'd take the autonomy framing with a grain of salt. But even discounted, the direction is real and it matters for two reasons. One, it's the world-model thesis in action, intelligence reasoning about physical tasks. And two, it's a concrete example of agents being put to work on the messy physical economy, not just writing code in a sandbox.
Alright, let's swing over to the security desk, because there's a cluster of stories today and if you build software, this is your bread and butter.
The big one, from Dan Goodin, a massive breach has spilled credentials for thousands of sensitive networks. The affected list includes Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet. That's a serious roster. And it dovetails with a second report, from Lorenzo Franceschi-Bicchierai, that an alleged Russian-speaking group of cybercriminals has been compromising tens of thousands of Fortinet firewalls and VPNs used by major companies all over the world, and the way they're getting in is through previously known passwords.
Let me dwell on that last part, because it's the whole lesson and it's painfully unglamorous. Previously known passwords. Not some exotic zero-day. Not a quantum computer cracking encryption. Credentials that leaked somewhere, at some point, that nobody rotated. The attackers are walking through the front door with keys that were left under the mat. Tens of thousands of firewalls, the devices whose entire job is to keep people out, getting opened with old passwords.
If you're a founder, here's the uncomfortable mirror. Your firewall vendor is supposed to be your line of defense, and here's a case where the line of defense became the attack surface. The thing protecting the perimeter is the thing that got compromised. So the question for your shop isn't just are we patched. It's, do we even know which of our credentials are floating around in old breach dumps, and have we rotated them. Most companies cannot answer that quickly, and that's exactly the gap these crews are driving a truck through.
And I'd connect this to where the threat is heading, because there's a piece from Lily Hay Newman, of WIRED, with a blunt title. Dangerous AI models are coming no matter what. The argument being that AI models with advanced hacking capabilities will soon be the norm.
Now, this connects directly back to the Anthropic situation we've been chewing on. Remember, the whole reason the government pulled the kill switch on Mythos was a fear about advanced cyber capabilities, a model that was, in some hands, a frighteningly good vulnerability researcher. And the WIRED piece is making the point that even if you lock down one company's model, the capability is coming regardless. You cannot regulate a single American lab into preventing this, because the underlying ability to find and exploit software bugs at machine speed is going to show up across many models, including ones outside US jurisdiction.
So put the two threads together. Russian-speaking crews are already racking up tens of thousands of firewalls with nothing fancier than old passwords. Now imagine that same crew with a model that can autonomously hunt for fresh vulnerabilities. The defender's job gets harder, and it gets harder for everyone at the same time. The honest read here is not panic, it's hygiene. The boring stuff, credential rotation, patching, least privilege, gets more important, not less, in a world where attackers have machine assistance. The fundamentals don't go out of style. They become the thing that saves you.
Let me stay in the builder's world but move from defense to a different kind of risk, the kind that targets your customers. There's an FTC lawsuit, reported by Sarah Perez, that reveals how subscription scam networks evade app store enforcement. And the mechanics are worth knowing because they're genuinely clever in an awful way.
What the FTC alleges is that sophisticated subscription app operators use shell companies and payment infrastructure to stay active on app stores even as consumer complaints pile up. So the scam app racks up complaints, the platform moves to shut it down, but the operator has structured the whole thing through enough shell entities and payment plumbing that they just pop up again under a different corporate hat. It's whack-a-mole, and the moles incorporated in Delaware.
If you're a legitimate subscription business, here's why you should care. Every one of these scams burns down trust in the entire category. When sixty percent of consumers already say the word AI in marketing is a turnoff, and when subscription scams are this rampant, the honest operator pays a tax in skepticism they didn't earn. The flip side, the opportunity, is that trust becomes a real differentiator. Clear cancellation, honest billing, no dark patterns. In a market this polluted, just being straight with people is starting to look like a moat.
Now let me give you a couple of quick hits, the kind of thing I'd mention over coffee at the diner before we wrap.
Snap finally unveiled its long-awaited AR glasses, and the market response was, oof. The stock took a dive after the debut, with the chief complaint being the price, which is, in the words of the report, ridiculously expensive. And look, I've got a soft spot for ambitious hardware, but the lesson here is old as the hills. You can't ship a halo product at a halo price and expect the public markets to clap. Snap has been chasing the glasses dream for a decade, and the gap between what they can build and what people will actually buy is still wide. For founders, it's the eternal reminder that a cool demo and a viable product are separated by a price tag.
Quick one on the home front. Google's Gemini-powered Home Speaker is finally up for preorder, ten months after it was first shown, hitting on June twenty-fifth for a hundred bucks. And the tell, from Ryan Whitwam's piece, is right there. It's more about Gemini than audio quality. Which is the whole strategy now, isn't it. The speaker is a Trojan horse for the assistant. The hardware's just the delivery vehicle for getting Gemini into your kitchen. Hundred dollars is cheap because the speaker isn't the product. You are.
And on the boardroom beat, Roelof Botha, the former Sequoia Capital leader, joined SpaceX's board of directors, filling what's described as an existing vacancy. This comes days after SpaceX went public in what's being called the largest IPO ever, which we dug into a while back. I won't belabor it, but a top-tier venture name taking a board seat right after the IPO is the kind of governance signal that says the grown-ups are settling in for the public-company phase. Make of that what you will.
Now let me get to the meatier one I've been saving, because it's the kind of story that flies under the radar and shouldn't. Google put out research, authored by Mike Schaekermann and the Google Research team, on a medical AI system called AMIE, and it's published in Nature. The claim is that their conversational AI system matches primary care physicians in complex disease management.
Now let me slow down, because there's a real distinction buried in here that matters. Earlier AMIE work was about diagnosis, the one-shot, what's-wrong-with-this-patient problem. This new research is about disease management, which is a different and harder animal. Management is the long game. It's the ongoing care of someone with a chronic condition, adjusting medications over time, following up, handling the messy back-and-forth of a condition that evolves. Diagnosis is a question. Management is a relationship.
And the reason a founder should care, even if you're nowhere near healthcare, is what it says about where conversational AI is genuinely getting competent versus where it's still hype. Matching primary care physicians in a controlled study is not the same as replacing your doctor, and I want to be clear-eyed about that. These studies tend to be done in carefully constructed conditions, text-based consultations, simulated or curated cases, and the gap between matching a doctor in a study and being trusted with your mother's diabetes management is enormous. Regulation, liability, bedside trust, none of that is solved by a Nature paper.
But here's the thing I'd flag. The fact that it's in Nature, peer-reviewed, focused on the harder management problem and not just the flashy diagnosis demo, tells you the serious version of medical AI is maturing. It's moving from look-what-it-can-guess to can-it-actually-help-manage-a-condition-over-time. And for builders, the broadly applicable insight is this. The next real value in AI products isn't the impressive one-shot answer. It's the sustained, multi-turn, follow-the-thread-over-time competence. Anybody can build a thing that answers a question. The hard, valuable, defensible thing is software that can hold a relationship across many interactions and actually move an outcome. That's true in medicine, and it's true in customer support, in coding, in legal, in everything. The demo is the diagnosis. The product is the management.
And notice how that connects back to where we started. The reason enterprises are auditing their AI bills is partly that a lot of what they bought was diagnosis-grade, impressive but shallow, easy to use a lot and hard to point at a result. The stuff that survives the CFO's calculator is the management-grade stuff that demonstrably moves a number. So if you want your AI line item to survive the budget review that's coming for everyone, build the thing that holds the thread, not the thing that does the trick.
A couple more before I let you go. There's a venture take from Chi-Hua Chien, the investor who, the framing goes, saw Facebook coming, and now he's arguing the real AI winners won't be selling AI. And I'll just leave that as a provocation worth sitting with, because it's the contrarian counterweight to the whole world-model-fundraise energy we talked about earlier. His thesis, as I read it, is that the durable value won't accrue to the people selling models and tools, it'll accrue to the companies that quietly use AI to win their existing market. The picks-and-shovels crowd gets the headlines. The people who get rich might be the ones who never put AI in the marketing copy at all. Which, by the way, lines up with that survey finding that consumers are sick of seeing AI plastered on everything. Maybe the winning move is to make the product better and shut up about how.
And on the science desk, because I can't resist, Amazon and QuEra are promising useful quantum error correction by 2028, which the report flags as sooner than expected. I'm not gonna pretend I can hand you a product roadmap off that. Quantum timelines have a long history of slipping, and I'd file this under watch, don't bet. But useful error correction is the milestone that separates quantum-as-a-science-project from quantum-as-something-that-might-eventually-touch-your-cryptography. If 2028 holds, and that's a big if, the people who should be paying attention are the security folks we were just talking about, because the whole foundation of how we encrypt things assumes certain math stays hard. Keep one eye on it. Don't reorganize your company around it.
So let me tie the whole menu together, because there's a through-line and it's not the abstract one. It's concrete. The story of the day was Tesco moving forty thousand workloads off VMware because the vendor squeezed them. And almost everything else was a variation on that exact theme. Enterprises auditing their AI bills and routing around expensive models. World leaders looking at the Anthropic kill switch and deciding they can't depend on a tool Washington can disconnect. Security crews walking through doors with old keys nobody bothered to change. The common thread is dependence and the cost of it. Who holds the breaker, who holds the keys, who holds your bill. The builders who win the next year are the ones who think hard about those questions before someone else answers them for you, in a court filing or a Friday-night phone call.
That's the show. I'm Tony DeLuca, this has been Barely Possible, and my unsolicited advice for the day is rotate your passwords and read your invoices. Both of those will save you more grief than any model upgrade. Take care of yourselves, and I'll catch you next time.